Tech Support banner

Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
1,481 Posts
Discussion Starter #1
PASSPORT SECURITY BREACH FIXED BUT ... WHAT THE HECK
A Pakistani researcher found a strange and simple security hole in Microsoft's Passport system that could have revealed credit card numbers and other person information for every user on the system. The flaw, which the company immediately fixed, was triggered by a simple URL that the company sent to users who wanted to reset their passwords. The URL contained the user's email address, and by changing that part of the URL to another user's address, an attacker could change the passwords for other Passport accounts and therefore gain access to those accounts. Given Microsoft's recent conversion to the Trustworthy Computing initiative, the revelation of such a simple-minded flaw in Passport is somewhat troubling, to say the least.
 

·
Registered
Joined
·
1,393 Posts
This is the reason our security people refuse to let us run IIS, Netmeeting, Media Player, etc. etc.

Remember M$ <> Security or Microsoft + Security = Oxymoron.
 

·
TSF Enthusiast
Joined
·
6,298 Posts
I don't trust my computer as far as I can throw it (which wouldn't be far since the thing weighs a ton)
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top